The importance of an effective compliance program under the Foreign Corrupt Practices Act

Enforcement of the Foreign Corrupt Practices Act (FCPA) remains vigorous and has recently targeted more individual corporate representatives than ever before. The U.S. government's response to the high profile Morgan Stanley and Ralph Lauren matters demonstrates that effective compliance and self-reporting can actually serve as a shield against criminal and civil prosecution. It has long been a maxim that a proactive compliance program provides companies with significant benefits, both external and internal. It is now apparent that the government expressly considers whether a company maintains a robust compliance program in determining whether to bring criminal and civil charges for violations of the FCPA.

The FCPA consists of two key mandates: the anti-bribery provision prohibits a company from bribing a foreign official to obtain or retain business; while the "books and records" provision requires companies to make and keep books and records that accurately and fairly reflect the transactions of the corporation, and devise and maintain an adequate system of internal accounting controls. While the concepts are simple, creating and maintaining an effective compliance program is challenging and requires a strong commitment from all levels of the corporation. As Carlo di Florio, director of the SEC’s Office of Compliance Inspections and Examinations, aptly explained, compliance “is not a responsibility that stops at the desk of the [chief compliance officer].” An effective compliance program should assist companies in detecting and preventing improper conduct, as well as mitigate the cost of any undetected behavior which has led to violations.

The compliance framework

In November 2010, the DOJ offered a glimpse of procedures to implement in its deferred prosecution agreement (DPA) with Panalpina which, among other things, required Panalpina to adopt controls to detect and deter violations of the FCPA and other anti-corruption laws. The corporate compliance program in the DPA outlined 13 areas in which a company must develop internal controls, policies and procedures.

Then, in April 2011, Johnson & Johnson entered into a DPA with the Department of Justice to settle an FCPA enforcement action. In the agreement, the DOJ states: “J&J had a pre-existing compliance and ethics program that was effective and the majority of problematic operations globally resulted from insufficient implementation of the J&J compliance and ethics program in acquired companies.” In addition to the standard compliance measures, the DPA sets forth certain “enhanced compliance obligations” in addition to the generally “effective” compliance procedures J&J had in place.

Finally, in November 2012, at the continued request of legislators and corporations, the DOJ and SEC released A Resource Guide to the Foreign Corrupt Practices Act (the “Guidance”). In 10 chapters, the Guidance essentially compiles the existing interpretive rules, as set forth in the notable DPAs and NPAs, and provides examples of the FCPA’s practical application. Although the Guidance did not provide any new information, it does serve as a centralized resource for the U.S. government’s interpretation of the key provisions of the FCPA.

The benefits of proactive compliance: Morgan Stanley and Ralph Lauren

In April 2012, Garth R. Peterson, a managing director in Morgan Stanley’s real estate investment and fund advisory business in China, pled guilty to conspiring to evade the FCPA’s internal accounting controls. The SEC alleged that Peterson secretly arranged to have at least $1.8 million — disguised as finder’s fees Morgan Stanley’s funds owed to third parties — paid to himself and a Chinese official.

Despite Peterson’s conduct, both the DOJ and SEC announced that, in light of its strong compliance program, they would not prosecute or charge his employer, Morgan Stanley. Ultimately, Morgan Stanley was able to demonstrate: it had a pre-existing, comprehensive and effective compliance program; Peterson, a single rogue employee, acted on his own, in direct defiance of those policies; and the corporate entity did not profit from the bribes. The government not only announced its decision not to prosecute, but it also publicly commended Morgan Stanley’s compliance program “which provided reasonable assurances that its employees were not bribing government officials.”

In addition, in April 2013, the SEC announced its first ever non-prosecution agreement (NPA) with a company involving alleged violations of the FCPA. The SEC entered into the NPA with Ralph Lauren Corporation, resolving claims that Lauren’s Argentine subsidiary paid bribes to government officials in connection with imports of Lauren’s products. The SEC alleged that Lauren Argentina’s general manager provided gifts to customs officials, including perfume, dresses and handbags valued from $400 to $14,000 each. The bribes were uncovered as a result of the company’s implementation of FCPA compliance programs in the U.S. and abroad. Under the NPA, in exchange for non-prosecution, Lauren agreed to pay $734,846 in disgorgement and prejudgment interest and perform certain remedial measures. Kara Brockmeyer, the SEC’s FCPA unit chief, stated, “This NPA shows the benefit of implementing an effective compliance program. Lauren discovered this problem after it put in place an enhanced compliance program and began training its employees. That level of self-policing along with its self-reporting and cooperation led to this resolution.”

According to the SEC, Lauren’s cooperation included reporting preliminary findings of its internal investigation to the SEC staff within two weeks of discovering the illegal payments and gifts; voluntarily and expeditiously producing documents; providing English language translations of documents to the staff; summarizing witness interviews that the company’s investigators conducted overseas; and making overseas witnesses available for interviews with the SEC staff and bringing witnesses to the U.S. The SEC also stated that it took into account the significant remedial measures undertaken by Lauren, including the company’s implementation of a comprehensive new compliance program throughout its operations.

In sum, both Morgan Stanley and Ralph Lauren demonstrate the government’s recognition of cooperation and compliance. Thus, the importance of aggressive compliance and self-assessment simply cannot be overstated.

Lessons for clients

Companies of all sizes must develop, implement, enforce and continually update their compliance programs. As evidenced by the government’s response in recent cases, effective compliance programs:

Allow companies to minimize the impact of current FCPA violations by bringing them to light as soon as reasonably possible

Assist companies in mitigating the damages resulting from FCPA violations

Enable companies to deter and prevent future FCPA violations

Encourage internal communication and collaboration by requiring that employees are educated with respect to relevant risks